Support maven-release-plugin
#14
Conversation
| gh api -F ref=refs/tags/$version -F sha=$GITHUB_SHA /repos/$GITHUB_REPOSITORY/git/refs | ||
| if fgrep -sq changelist.format .mvn/maven.config | ||
| then # JEP-229 | ||
| mvn -B -V -s $GITHUB_ACTION_PATH/settings.xml -ntp -Dstyle.color=always -Dset.changelist -DaltDeploymentRepository=maven.jenkins-ci.org::default::https://repo.jenkins-ci.org/releases/ -Pquick-build -P\!consume-incrementals clean deploy |
There was a problem hiding this comment.
There was a problem hiding this comment.
Would it be better to make this a configuration option so that people who missed incrementals don’t accidentally go this route?
There was a problem hiding this comment.
people who missed incrementals
Or did incrementalify (e.g. via archetypes), but did not set up changelist.format. Yeah that is probably wise.
|
One important restriction: as per https://github.community/t/how-to-push-to-protected-branches-in-a-github-action/16101?u=jglick you must disable branch protection on your default branch, so e.g. Require status checks to pass before merging cannot be used. |
| gh api -F ref=refs/tags/$version -F sha=$GITHUB_SHA /repos/$GITHUB_REPOSITORY/git/refs | ||
| if fgrep -sq changelist.format .mvn/maven.config | ||
| then # JEP-229 | ||
| mvn -B -V -s $GITHUB_ACTION_PATH/settings.xml -ntp -Dstyle.color=always -Dset.changelist -DaltDeploymentRepository=maven.jenkins-ci.org::default::https://repo.jenkins-ci.org/releases/ -Pquick-build -P\!consume-incrementals clean deploy |
There was a problem hiding this comment.
Would it be better to make this a configuration option so that people who missed incrementals don’t accidentally go this route?
🤔 Instead of pushing directly to the default branch, a PR could be created. That way the branch protection can remain as-is. |
There is a Marketplace action that does something similar to work around this problem. In principle it could be possible to do that with https://maven.apache.org/maven-release/maven-release-plugin/prepare-mojo.html#pushChanges but it would make this action much more complicated—and even more error-prone than MRP usually is: you would be creating and tagging a release commit and publishing a release but the commit is still in a branch? What if that PR build flakes out and does not get automerged? And then another release build gets run? Etc. If you care about branch protection, just do not use this mode. I do not recommend it to begin with and only developed it because I am still hesitant to move away from MRP on parent POMs specifically, despite the many drawbacks of MRP. Full JEP-229 is more straightforward: if everything goes well then the existing trunk commit is tagged as a release and that is that. (You can do the same just picking some arbitrary version string, like a timestamp or whatever, which would be fine enough for something like a WAR that is consumed solely as a binary artifact, but this does not work well for things like Jenkins components including plugins that might ever become |
|
For what it's worth it, GitHub also allows the concept of "prerelease". We are using it on updatecli/updatecli , where we publish a release as "pre-release": it triggers our builds that generates the binaries. Last steps of these "prerelease" build is to set the release from "pre-release" as "latest release". Not sure how much this pattern could help there? |
Yes; orthogonal I think. Discussion |
|
We can do releases with mrp without requiring to disable protected branches. |
| git config --global user.email cd@jenkins.io | ||
| git config --global user.name jenkins-maven-cd-action | ||
| git config --global url.https://github.com/.insteadOf git@github.com: | ||
| mvn -B -V -s $GITHUB_ACTION_PATH/settings.xml -ntp -Dstyle.color=always -P\!consume-incrementals -Darguments='-Pquick-build -ntp' validate release:prepare release:perform |
There was a problem hiding this comment.
Of you are running a quick build you should probably just run validate as the preparation goal?
There was a problem hiding this comment.
The preparation goals verify that the artifact can actually be packaged. We also run validate first just to enforce the -P!consume-incrementals, which would not work inside preparation goals because of profile mayhem; jenkinsci/plugin-pom#416 would also catch mistakes but only after junk commits & tag were pushed.
There was a problem hiding this comment.
I believe the action would have issues with branch protection 😢
Don't see this ever working unless you go around each repository and allow GitHub action bot to push commits past branch protections.
There was a problem hiding this comment.
Maybe this gha could be used to try to pass over branch protections?
https://github.com/marketplace/actions/branch-protection-bot
There was a problem hiding this comment.
https://github.com/marketplace/actions/branch-protection-bot makes it doable.
Especially since we introduced https://github.com/jenkins-infra/github-reusable-workflows
There was a problem hiding this comment.
Although the GitHub action only removes include administrators, it does not remove branch protection entirely with status checks.
I believe you could create an GitHub action to retrieve current branch protect.
Remove the branch protection and restore it using an GitHub action.
There was a problem hiding this comment.
IIUC https://github.com/marketplace/actions/branch-protection-bot#access_token cannot use $GITHUB_TOKEN, which I think makes that a non-starter.
There was a problem hiding this comment.
I just read through https://github.community/t/how-to-push-to-protected-branches-in-a-github-action/16101?u=jglick and https://github.community/t/allowing-github-actions-bot-to-push-to-protected-branch/16536?u=jglick and there really does not appear to be any satisfactory solution currently: if you want to use MRP, you must either give up on having protected branches (bad) or use a bot’s PAT (worse).
Exactly what I do not want to happen. #14 (comment) |
The comment there is unclear as to why?
but we are conflating - you are not running m-r-p on PR builds - and if you are you most certainly will not be using the autogenerated versions IIUC here? You do not need to push back the commits made by m-r-p to any branch at all - you just need to push the tag. if the release build fails who cares, try it again via the actions UI. now if the tag is created but the build fails - again who cares - you have exactly this failire mode in what you are trying to do right now. if you tell maven what version number to release as (multiple ways - but strip the -SNAPSHOT and add what the incrementals changenumber would be you can get |
Because of tools like PCT which expect the version loaded/built from a checkout of a tag to match the version actually deployed from that tag. Irrelevant for stuff like microservices where Maven is just a tool used to upload a binary in one direction, but relevant for projects like Jenkins which make heavy use of inter-repository artifact dependencies. MRP in default usage satisfies this constraint via its first junk commit (the tagged one fixing a non-
If you are using MRP solely as a way to
And therein lies the problem, because that will be the POM version after the release as well, so you would just be releasing lots of Maybe I need to back up and explain the purpose of this PR. It is to allow a Maven component currently released via MRP on a developer machine in the typical way, e.g. git checkout master
git pull --fast-forward
mvn release:{prepare,perform}
git pull --fast-forwardto be releasable from hosted infrastructure, optionally upon every significant PR merge, with no personal Artifactory credentials (solely GitHub write permission), and no need to manually publish draft release notes; but otherwise make no changes whatsoever to process, POM structure, version formats, etc., and retaining all of the other drawbacks of MRP in its normal usage mode—junk commits, race conditions, possibility of broken half-deployed states, etc.
Of course not. For this you need to look back over context. I was discussing a possible workaround to the problem of using MRP with branch protection enabled, given the limitation that GHA currently defines |
Any particular reason? There have been several releases on plugin POM classified as breaking without bumping major version. |
That it would require additional testing to be sure that the Flatten plugin is not going to mess something up. The JEP-229 version scheme seems to work fine for |
|
@jglick this might be the closest we get, this seems like a decent compromise, MBR is less noisy and PR is sent for version bump. https://github.com/jenkinsci/gitea-plugin/blob/master/.github/workflows/cd.yaml All doable with a new reusable workflow in the https://github.com/jenkins-infra/github-reusable-workflows |
|
@justusbunsi I do not see you actually uploading plugin during your CD flow, so are you manually running MBR locally? 😰 |
Yes this is possible. As I mentioned in #14 (comment) this seems (IMO) at least as problematic as the other alternatives. If you want to go ahead with that approach nonetheless, and set expectations very low, I will just close this PR. I was inclined to do so anyway. Anyway I do not think justusbunsi@0855b92 suffices. If are you doing something like MRP but not actually using MRP, you need to recreate some of the stuff that MRP does in its release profile. JEP-305 adds that back in using the |
I think it's actually uploaded by the mvn command. https://github.com/justusbunsi/jenkins-maven-cd-action/blob/cc144a67ddc6ea116e038a99f1cb76c2cf07554f/run.sh#L15 EDIT: Looking into the last release build, this command was executed:
Looks like the altDeploymentRepository combined with maven token does the upload? |
|
its the |
I think that fits the most/best. Especially for the Gitea plugin the other maintainer and I have decided that we wanted to keep readable versions but automate the releases workflow. So we might not follow the full MRP procedure right now. 😅 EDIT:
IIRC, it's due to the empty changeset during build. |
|
Could we achieve the same as MRP with out using MRP and no junk commits? Since it seems possible for JEP 229 use case to produce a POM that PCT can understand. scmTag and changeset can be updated via properties. Is it because PCT require a POM without properties or flatten values. |
Oh…OK. That was never intended to be used in this way, but I guess it could work?
You mean MRP?
Well, sure, it is just a tool.
Only if you can mechanically generate the version number you want for a given commit during the build itself: #19 (comment)
Because it (actually JEP-305) is doing the tricky thing, as above.
No, it can of course use a POM with properties and non-flattened value, but when you check out the tag or commit given by |
Release drafter is capable of producing version number based on labels used for the release. And release drafter supports semver. It will default the bump to whatever default you set in your release-drafter config: Also with config you can do The tag can be read from github action output even. |
That's true. It was never intended in this repository. That's why I forked it and added the switch to opt-out this changeset. There was #13 to include it but I understand why that PR was closed. |
Not for this purpose. |
|
To reiterate, you can either
|
I take it when you mean I don't quite understand why not. |
|
What if I managed to finish release-drafter/release-drafter#1173 you would get a CLI, you could than wrap that CLI in maven extension and bobs your uncle? 😅 |
Yes. |
|
https://groups.google.com/g/jenkinsci-dev/c/i348jNcX7pY/m/Rrn453pWAAAJ
Working in
build-token-root. If merged, will need to update https://www.jenkins.io/doc/developer/publishing/releasing-cd/ accordingly.